{"id":1438,"date":"2025-06-07T13:04:47","date_gmt":"2025-06-07T17:04:47","guid":{"rendered":"https:\/\/servitiq.ca\/?p=1438"},"modified":"2026-03-13T11:20:23","modified_gmt":"2026-03-13T15:20:23","slug":"cyber-insurance-12-essential-controls-quebec-smb","status":"publish","type":"post","link":"https:\/\/servitiq.ca\/en\/articles\/cyberassurance-pme-quebec-12-controles-essentiels\/","title":{"rendered":"Cybersecurity &#038; Insurers: 12 essential controls for an SMB in Quebec"},"content":{"rendered":"<p><strong>Cyber insurance<\/strong> has become one of the financial safeguards for SMBs. Problem: insurers are increasingly refusing applications without <strong>minimum controls<\/strong>. Here are the 12 measures that often make the difference between an accepted quote and a denial.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1) MFA everywhere<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable <strong>two-factor authentication<\/strong> on email, VPNs, and admin consoles (Microsoft 365\/Google Workspace, firewalls, routers, backups). FIDO2 tokens are a plus.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">2) EDR or MDR<\/h2>\n\n\n\n<p>An <strong>EDR<\/strong> protects and isolates endpoints; an <strong>MDR<\/strong> adds a <strong>24\/7 SOC<\/strong> for detection and response. Insurers prefer <strong>MDR<\/strong> because it shortens <strong>response time<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">3) 3-2-1-1-0 backups<\/h2>\n\n\n\n<p>Three copies, two media types, one offsite, one <strong>immutable<\/strong>, zero restore errors. Test restores <strong>monthly<\/strong> (on samples) and the BCDR plan <strong>quarterly<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">4) Patch management<\/h2>\n\n\n\n<p>Automate <strong>system patches<\/strong> (Windows\/Linux\/Mac), VPN drivers, browsers, and software. 
Set an <strong>SLA<\/strong>: critical patches in &lt; 7 days.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">5) Hardening &amp; least privilege<\/h2>\n\n\n\n<p>Disable SMBv1 and obsolete SSL protocols, apply <strong>password policies<\/strong>, remove <strong>inactive accounts<\/strong>, and separate <strong>admin<\/strong> and <strong>user<\/strong> accounts.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">6) Network segmentation<\/h2>\n\n\n\n<p>Isolate servers, workstations, IoT, and guests: <strong>VLANs<\/strong> + ACLs + separate Wi-Fi. This limits the impact of an incident.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">7) DNS &amp; email filtering<\/h2>\n\n\n\n<p>Secure DNS (malware\/phishing blocking); <strong>SPF\/DKIM\/DMARC<\/strong> with the DMARC policy set to <strong>quarantine\/reject<\/strong> to limit spoofing.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">8) Centralized logging<\/h2>\n\n\n\n<p>Retain <strong>logs<\/strong> (firewall, EDR, AD, M365\/GWS) for at least 90 days. Alert on admin logins, abnormal failures, and account creations.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">9) Anti-phishing training<\/h2>\n\n\n\n<p>Short quarterly modules + simulations. Measure the <strong>click rate<\/strong> and target at-risk teams.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">10) Third-party management<\/h2>\n\n\n\n<p>Vendor access <strong>reduced and tracked<\/strong> (individual accounts, expiration, MFA). Contractual security clauses.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">11) IR (Incident Response) plan<\/h2>\n\n\n\n<p>Who decides, who communicates, who isolates? <strong>Runbooks<\/strong> per scenario (ransomware, compromised email). 
<strong>Tabletop exercises<\/strong> 2\u00d7\/year.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">12) Governance<\/h2>\n\n\n\n<p>A named <strong>security owner<\/strong> (internal\/MSP), with <strong>policies<\/strong> that are concise and living (access, backups, classification, mobility).<\/p>","protected":false},"excerpt":{"rendered":"<p>Cyber insurance has become one of the financial safeguards for SMBs. Problem: insurers are increasingly refusing applications without minimum controls. Here are the 12 measures that often make the difference between an accepted quote and a denial. 1) MFA everywhere 2) EDR or MDR An EDR protects and isolates endpoints [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1441,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_swpsp_post_exclude":false,"footnotes":""},"categories":[14],"tags":[],"class_list":["post-1438","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-gouvernance-conformite"],"_links":{"self":[{"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/posts\/1438","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/comments?post=1438"}],"version-history":[{"count":7,"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/posts\/1438\/revisions"}],"predecessor-version":[{"id":1736,"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/posts\/1438\/revisions\/1736"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/media\/1441"}],"wp:attachment":[{"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/media?parent=1438"
}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/categories?post=1438"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/tags?post=1438"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}